Analysis by: Kenny Ye

 PLATFORM:

Android

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Adware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel: Via app stores

This is the Trend Micro detection for the SDK found in possibly thousands of apps once hosted in Google Play. Most of these apps have since been removed.

To get a one-glance comprehensive view of the behavior of this Adware, refer to the Threat Diagram shown below.

  TECHNICAL DETAILS

File Size: 4,167,825 bytes
File Type: APK
Memory Resident: Yes
Initial Samples Received Date: 15 Aug 2014

NOTES:

This malware family contains an ad SDK named MDash, which delivers ads to end users and can potentially deliver malware.

Once executed, this adware installs shortcuts and a browser homepage for some ads. According to the remote configuration, the ads start after a 288,000-second delay.

This adware displays ads every time the user unlocks the phone. The adware also sets up alarms to check and start itself every 15 minutes.

This adware collects information about the installed apps on the device and sends the information to the remote server to deploy ads promoting apps similar to the ones installed.

There are several types of ads supported by the SDK, including the following:

  • Alert – shows the ad in an alert dialogue box
  • Recommendation – presented as a recommendation by someone in the user’s contact list
  • Link – presents a pop-up message that, when clicked, opens the browser to display the ad
  • SDK – loads other popular ad SDKs to show ads

This adware has the ability to make calls in the background without user consent. Furthermore, the SDK contains code to delete the device's call history to hide the suspicious activity.
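
For triage, the behaviors described above can be checked against what an app declares in its manifest. The following is an added example, not code from the original analysis or from Trend Micro; the behavior-to-permission mapping uses standard Android permission and broadcast names and is an assumption, not something extracted from the MDash sample, and the manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: behaviour named in the write-up -> standard Android
# permission or broadcast action an app needs to declare for it.
MARKERS = {
    "background calls": "android.permission.CALL_PHONE",
    "call-history deletion": "android.permission.WRITE_CALL_LOG",
    "shortcut installation": "com.android.launcher.permission.INSTALL_SHORTCUT",
    "contact-based recommendation ads": "android.permission.READ_CONTACTS",
    "ads on unlock": "android.intent.action.USER_PRESENT",
}

def declared_names(manifest_xml):
    """Collect declared permissions and receiver intent-filter actions."""
    root = ET.fromstring(manifest_xml)
    names = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    for receiver in root.iter("receiver"):
        names |= {a.get(ANDROID + "name") for a in receiver.iter("action")}
    names.discard(None)
    return names

def triage(manifest_xml):
    """Report which described behaviours the manifest makes possible."""
    names = declared_names(manifest_xml)
    hits = sorted(b for b, marker in MARKERS.items() if marker in names)
    # Calling plus call-log write access is the pairing the write-up
    # highlights: calls placed, then hidden from the user.
    hides_calls = {"background calls", "call-history deletion"} <= set(hits)
    return {"behaviours": hits, "hides_calls": hides_calls}

# Constructed sample manifest (not taken from any real app).
SAMPLE = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
  <uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
  <application>
    <receiver android:name=".UnlockReceiver">
      <intent-filter><action android:name="android.intent.action.USER_PRESENT"/></intent-filter>
    </receiver>
  </application>
</manifest>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The input must be the decoded text manifest (the binary AndroidManifest.xml inside an APK has to be decoded first, for example with apktool). A match shows only that the app has the capability, and a receiver registered at run time will not appear in the manifest.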

  SOLUTION

Minimum Scan Engine: 9.750

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increases device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:

